Taiko ERC20 Vault Hacked, Loss Exceeds $1 Million

BlockBeats News, June 22nd, cybersecurity company Blockaid stated that it has detected an attack on Taiko's ERC20 Vault on Ethereum, resulting in a loss of over $1 million.

Initial analysis indicates that the vulnerability originated from a flaw in Taiko's cross-chain bridge source-signal proof verification mechanism. The attacker's crafted message proof was accepted by the Ethereum mainnet without corresponding to a legitimate MessageSent event on the Taiko chain, allowing the registration and extraction of a forged cross-chain message. This ultimately led to the unauthorized release of assets in the ERC20 Vault.